Experts said the virus, named Gibe-F and Swen, which was first detected on Thursday, arrives as an e-mail attachment posing as a security patch. It then exploits a weakness in Internet Explorer, AFP reported.
When the e-mail attachment is opened, a message appears saying “This will install Microsoft Security Update. Do you wish to continue?”
By then it is too late. Even if the user clicks “No” the worm installs itself on the users hard drive.
“Once an attachment carrying the virus is opened, the Gibe worm starts spreading and producing authentic-looking ‘install and update’ windows,” said the security firm MessageLabs.
“While doing so, it searches hard drives for e-mail addresses and begins mass mailing out additional copies of itself and attempts to render inactive existing security and anti-virus products, opening users up to future vulnerabilities,” it added.
Many computer users will likely be duped as the new virus follows a rash of others aimed at exploiting vulnerabilities in Microsoft programmes. Past viruses have been neutralised by users downloading a “patch” from Microsoft’s home page.
“It searches hard drives for e-mail addresses and begins mass mailing out additional copies of itself”
The Finnish security firm F-Secure also noted that the virus can be spread through the KaZaA music-swapping software by copying itself to KaZaA shared folders.
Last month’s W32.Blaster.Worm carried a hidden message, taunting Microsoft founder Bill Gates.
“I just want to say LOVE YOU SAN!!” read the message. “billy gates [sic] why do you make this possible? Stop making money and fix your software!!”
A teenager from the US city of Minneapolis was apprehended by the FBI at the end of August in connection with the cyber attack, which disabled millions of computers world-wide.